Virus, trojan, spyware...what have I got?

Discussion in 'Computer Security' started by Basilic, Jan 21, 2004.

  1. Basilic

    Basilic Guest

    I've been notified that I have something on my computer which sends SPAM
    e-mails without me realizing. I'd like to get rid of it and my ISP is
    telling me to reformat my computer. This is something which I'd like to
    avoid.

    This is what I did so far,

    1) Updated and ran AVG - no viruses found.
    2) Ran an online virus checker - housecall.antivirus.com - no viruses found.
    3) Updated and ran Adaware - found lots of spyware and removed them.

    I'm still convincedthat I have this SPAMware, because my network icon keeps
    flashing shortly every second or so. When I check the network connections, I
    see that I am sending (uploading) more than I'm receiving.

    Any ideas of what I could use to find this and remove it? Running XP Pro
    w/SP1 and all the updates installed.

    PS I'm on an internal network, DSL, with the server running Norton Security
    Suite - AV and firewall.

    Thanks
    Basilic
     
    Basilic, Jan 21, 2004
    #1
    1. Advertising

  2. In article <400dd3ca$1_2@aeinews.>, says...
    > I've been notified that I have something on my computer which sends SPAM
    > e-mails without me realizing. I'd like to get rid of it and my ISP is
    > telling me to reformat my computer. This is something which I'd like to
    > avoid.
    >
    > This is what I did so far,
    >
    > 1) Updated and ran AVG - no viruses found.
    > 2) Ran an online virus checker - housecall.antivirus.com - no viruses found.
    > 3) Updated and ran Adaware - found lots of spyware and removed them.
    >
    > I'm still convincedthat I have this SPAMware, because my network icon keeps
    > flashing shortly every second or so. When I check the network connections, I
    > see that I am sending (uploading) more than I'm receiving.
    >
    > Any ideas of what I could use to find this and remove it? Running XP Pro
    > w/SP1 and all the updates installed.
    >
    > PS I'm on an internal network, DSL, with the server running Norton Security
    > Suite - AV and firewall.
    >
    > Thanks
    > Basilic
    >
    >
    >




    There's a new worm out that could be causing it, perhaps your anti-virus
    hasn't added it to the definitions yet?



    --
    Colonel Flagg
    http://www.internetwarzone.org/

    Privacy at a click:
    http://www.cotse.net

    Q: How many Bill Gates does it take to change a lightbulb?
    A: None, he just defines Darkness? as the new industry standard..."

    "...I see stupid people."
     
    Colonel Flagg, Jan 21, 2004
    #2
    1. Advertising

  3. Basilic

    Glenn Jarvis Guest

    Colonel Flagg wrote:


    >
    > There's a new worm out that could be causing it, perhaps your anti-virus
    > hasn't added it to the definitions yet?
    >
    >
    >

    AVG is good, but sometimes slow on updating their definitions. I just
    removed it as it kept locking up the system lately. I just installed
    F-Prot which has the latest definitions including that latest little
    gift out there. So far , I've been clear (although I should be with the
    caution I exercise). Isn't there a online virus scanner site? I can't
    for the life of me remember where it was. Might help him in a jam till
    he can find something more suitable. (Just a thought...)
     
    Glenn Jarvis, Jan 21, 2004
    #3
  4. Basilic

    Glenn Jarvis Guest

    Basilic wrote:


    > Any ideas of what I could use to find this and remove it? Running XP Pro
    > w/SP1 and all the updates installed.
    >
    > PS I'm on an internal network, DSL, with the server running Norton Security
    > Suite - AV and firewall.


    Here's a couple of ideas, although I'm sure others will also add their
    ideas as well. AdAware can miss some stuff. I use SpyBot(it can miss
    things that AdAware can pick up on) as well as AdAware. Also, AVG is
    slow somtimes updating their definition files. Might want to consider
    another. I am also DSL, have an internal network, however, I run F-Prot
    for virus protection and no firewall. I'm using the DI-604 router in
    complete stealth mode. I also have the preview pane turned off in my
    mail reader. I check all incoming email via viewing message source
    first. Add the F-Prot email protection, and I seem to be in a good
    position. So far, I've deleted 10 messages that have come in infected
    without ever opening the gaffers. I replied to the Col., as there is a
    site that has an online virus scanner that is usually up to date. Might
    help you in a pinch, but I can't remember the url for it. Hopefully
    someone here can :)
     
    Glenn Jarvis, Jan 21, 2004
    #4
  5. "Basilic" <> wrote in message news:400dd3ca$1_2@aeinews....
    > I've been notified that I have something on my computer which sends SPAM
    > e-mails without me realizing. I'd like to get rid of it and my ISP is
    > telling me to reformat my computer. This is something which I'd like to
    > avoid.
    >
    > This is what I did so far,
    >
    > 1) Updated and ran AVG - no viruses found.
    > 2) Ran an online virus checker - housecall.antivirus.com - no viruses

    found.
    > 3) Updated and ran Adaware - found lots of spyware and removed them.
    >
    > I'm still convincedthat I have this SPAMware, because my network icon

    keeps
    > flashing shortly every second or so. When I check the network connections,

    I
    > see that I am sending (uploading) more than I'm receiving.
    >
    > Any ideas of what I could use to find this and remove it? Running XP Pro
    > w/SP1 and all the updates installed.


    Hmm. Are you *positive* that the message was genuine?

    While it's possible (if there is enough junk on there..) I would be *very*
    surprised that an AUP team would tell you to /reformat/ a box. Smells like
    the Irish Virus[1]

    http://www.codecutters.org/spam/smtpheaders.html on how to check the headers
    yourself (should come from their email server, probably 206.123.6.14 or
    206.123.6.19).

    netstat -a (typed into a Command Prompt window) lists current connections.
    TCPview (IIRC from sysinternals.com) does this in real-time and gives you a
    GUI to play with. Both should show any SMTP connections that are being
    setup. Make sure that you're not running IE (or whatever, if you use
    something else for email) at the time. You're looking for something on the
    "smtp" port.

    HTH

    Hairy One Kenobi

    Disclaimer: the opinions expressed in this opinion do not necessarily
    reflect the opinions of the highly-opinionated person expressing the opinion
    in the first place. So there!

    [1] "This is the Irish Virus. Please send this message to all your friends,
    then reformat your drive. Tank you very much". As sent to me by a friend
    from County Cork..
     
    Hairy One Kenobi, Jan 21, 2004
    #5
  6. Basilic

    Basilic Guest

    "Glenn Jarvis" <> wrote in message
    news:7tmPb.15936$...
    > Basilic wrote:
    >
    >
    > > Any ideas of what I could use to find this and remove it? Running XP Pro
    > > w/SP1 and all the updates installed.
    > >
    > > PS I'm on an internal network, DSL, with the server running Norton

    Security
    > > Suite - AV and firewall.

    >
    > Here's a couple of ideas, although I'm sure others will also add their
    > ideas as well. AdAware can miss some stuff. I use SpyBot(it can miss
    > things that AdAware can pick up on) as well as AdAware. Also, AVG is
    > slow somtimes updating their definition files. Might want to consider
    > another. I am also DSL, have an internal network, however, I run F-Prot
    > for virus protection and no firewall. I'm using the DI-604 router in
    > complete stealth mode. I also have the preview pane turned off in my
    > mail reader. I check all incoming email via viewing message source
    > first. Add the F-Prot email protection, and I seem to be in a good
    > position. So far, I've deleted 10 messages that have come in infected
    > without ever opening the gaffers. I replied to the Col., as there is a
    > site that has an online virus scanner that is usually up to date. Might
    > help you in a pinch, but I can't remember the url for it. Hopefully
    > someone here can :)
    >


    Thanks for the info. I'll get Spybot to compliment Adaware.

    I'm going to get ride of AVG as I found a copy of Norton. Norton is
    installed at work and never had any trouble with viruses, ever. But I will
    try F-Prot as well.

    The online scanner can be found at www.housecall.antivirus.com , it's from
    the makers of PC-cillin.
     
    Basilic, Jan 21, 2004
    #6
  7. In article <400ebfc7_4@aeinews.>, says...
    >
    > "Glenn Jarvis" <> wrote in message
    > news:7tmPb.15936$...
    > > Basilic wrote:
    > >
    > >
    > > > Any ideas of what I could use to find this and remove it? Running XP Pro
    > > > w/SP1 and all the updates installed.
    > > >
    > > > PS I'm on an internal network, DSL, with the server running Norton

    > Security
    > > > Suite - AV and firewall.

    > >
    > > Here's a couple of ideas, although I'm sure others will also add their
    > > ideas as well. AdAware can miss some stuff. I use SpyBot(it can miss
    > > things that AdAware can pick up on) as well as AdAware. Also, AVG is
    > > slow somtimes updating their definition files. Might want to consider
    > > another. I am also DSL, have an internal network, however, I run F-Prot
    > > for virus protection and no firewall. I'm using the DI-604 router in
    > > complete stealth mode. I also have the preview pane turned off in my
    > > mail reader. I check all incoming email via viewing message source
    > > first. Add the F-Prot email protection, and I seem to be in a good
    > > position. So far, I've deleted 10 messages that have come in infected
    > > without ever opening the gaffers. I replied to the Col., as there is a
    > > site that has an online virus scanner that is usually up to date. Might
    > > help you in a pinch, but I can't remember the url for it. Hopefully
    > > someone here can :)
    > >

    >
    > Thanks for the info. I'll get Spybot to compliment Adaware.
    >
    > I'm going to get ride of AVG as I found a copy of Norton. Norton is
    > installed at work and never had any trouble with viruses, ever. But I will
    > try F-Prot as well.
    >
    > The online scanner can be found at www.housecall.antivirus.com , it's from
    > the makers of PC-cillin.
    >
    >
    >



    I'd put my trust in AVG, F-Prot or F-Secure WAAAAY before I'd trust
    Norton or McAfee.



    --
    Colonel Flagg
    http://www.internetwarzone.org/

    Privacy at a click:
    http://www.cotse.net

    Q: How many Bill Gates does it take to change a lightbulb?
    A: None, he just defines Darkness? as the new industry standard..."

    "...I see stupid people."
     
    Colonel Flagg, Jan 21, 2004
    #7
  8. Basilic

    Ben Measures Guest

    Glenn Jarvis wrote:
    > Colonel Flagg wrote:
    >
    >
    >>
    >> There's a new worm out that could be causing it, perhaps your
    >> anti-virus hasn't added it to the definitions yet?
    >>
    >>
    >>

    > AVG is good, but sometimes slow on updating their definitions. I just
    > removed it as it kept locking up the system lately. I just installed
    > F-Prot which has the latest definitions including that latest little
    > gift out there. So far , I've been clear (although I should be with the
    > caution I exercise). Isn't there a online virus scanner site? I can't
    > for the life of me remember where it was. Might help him in a jam till
    > he can find something more suitable. (Just a thought...)
    >

    http://housecall.trendmicro.com/

    Really very good.

    --
    Ben M.

    ----------------
    What are Software Patents for?
    To protect the small enterprise from bigger companies.

    What do Software Patents do?
    In its current form, they protect only companies with
    big legal departments as they:
    a.) Patent everything no matter how general
    b.) Sue everybody. Even if the patent can be argued
    invalid, small companies can ill-afford the
    typical $500k cost of a law-suit (not to mention
    years of harassment).

    Don't let them take away your right to program
    whatever you like. Make a stand on Software Patents
    before its too late.

    Read about the ongoing battle at http://swpat.ffii.org/
    ----------------
     
    Ben Measures, Jan 22, 2004
    #8
  9. Basilic

    vb Guest

    "Ben Measures" <> wrote in message
    news:CAKPb.990$...
    > >

    > http://housecall.trendmicro.com/
    >
    > Really very good.
    >
    > --
    > Ben M.


    I agree, the Trend Micro scan is good.

    V.B.
     
    vb, Jan 22, 2004
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. spike240

    have you got any of these i can have

    spike240, Sep 13, 2005, in forum: Case Modding
    Replies:
    4
    Views:
    2,316
    XhArD
    Sep 14, 2005
  2. AK

    Have I got a virus?

    AK, Oct 30, 2003, in forum: Computer Support
    Replies:
    1
    Views:
    375
  3. trout

    Have I got spyware

    trout, Jul 26, 2005, in forum: Computer Support
    Replies:
    11
    Views:
    800
    trout
    Aug 13, 2005
  4. Martin ©¿©¬ @nohere.net

    HAVE I GOT A VIRUS?

    Martin ©¿©¬ @nohere.net, Aug 19, 2007, in forum: Computer Support
    Replies:
    10
    Views:
    777
  5. I have a virus and malicious spyware

    , Nov 29, 2007, in forum: Computer Support
    Replies:
    5
    Views:
    510
Loading...

Share This Page